// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40285824): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include <stddef.h> #include <stdint.h> #include <string.h> #include <array> #include <memory> #include "base/check_op.h" #include "base/containers/span.h" #include "base/numerics/safe_conversions.h" #include "base/numerics/safe_math.h" #include "components/webcrypto/algorithms/aes.h" #include "components/webcrypto/algorithms/util.h" #include "components/webcrypto/blink_key_handle.h" #include "components/webcrypto/status.h" #include "crypto/openssl_util.h" #include "third_party/abseil-cpp/absl/numeric/int128.h" #include "third_party/blink/public/platform/web_crypto_algorithm_params.h" #include "third_party/boringssl/src/include/openssl/aes.h" #include "third_party/boringssl/src/include/openssl/cipher.h" namespace webcrypto { namespace { const EVP_CIPHER* GetAESCipherByKeyLength(size_t key_length_bytes) { … } // Encrypts/decrypts given a 128-bit counter. // // |output| must have the same length as |input|. Status AesCtrEncrypt128BitCounter(const EVP_CIPHER* cipher, base::span<const uint8_t> raw_key, base::span<const uint8_t> input, base::span<const uint8_t, 16> counter, base::span<uint8_t> output) { … } // Returns ceil(a/b), where a and b are integers. template <typename T> T CeilDiv(T a, T b) { … } // Extracts the counter as a `absl::uint128`. The counter is the rightmost // `counter_length_bits` of the block, interpreted as a big-endian number. absl::uint128 GetCounter(base::span<const uint8_t, 16> counter_block, unsigned int counter_length_bits) { … } // Returns a counter block with the counter bits all set all zero. std::array<uint8_t, AES_BLOCK_SIZE> BlockWithZeroedCounter( base::span<const uint8_t, AES_BLOCK_SIZE> counter_block, unsigned int counter_length_bits) { … } // This function does encryption/decryption for AES-CTR (encryption and // decryption are the same). // // BoringSSL's interface for AES-CTR differs from that of WebCrypto. In // WebCrypto the caller specifies a 16-byte counter block and designates how // many of the right-most X bits to use as a big-endian counter. Whereas in // BoringSSL the entire counter block is interpreted as a 128-bit counter. // // In AES-CTR, the counter block MUST be unique across all messages that are // encrypted/decrypted. WebCrypto expects that the counter can start at any // value, and is therefore permitted to wrap around to zero on overflow. // // Some care is taken to fail if the counter wraps back to an earlier value. // However this protection is only enforced during a *single* call to // encrypt/decrypt. Status AesCtrEncryptDecrypt(const blink::WebCryptoAlgorithm& algorithm, const blink::WebCryptoKey& key, base::span<const uint8_t> data, std::vector<uint8_t>* buffer) { … } class AesCtrImplementation : public AesAlgorithm { … }; } // namespace std::unique_ptr<AlgorithmImplementation> CreateAesCtrImplementation() { … } } // namespace webcrypto
Codebase Browser
chromium